Researchers at Cambridge University found weak spots when they reverse engineered smart card readers from Barclays and NatWest, according to a ComputerWeekly.com report.
The readers are used with bank cards to produce one-time password that enable secure login to banking sites. Banks introduced the readers to reduce losses from phishing scams and keylogger attacks but the devices are susceptible to real-time man-in-the middle attacks.
“Optimised to Fail: Card readers for online banking,” was presented at the Financial Cryptography 2009 conference by authors Saar Drimer, Steven J Murdoch and Ross Anderson.
Read more here.